ClawHub

Clean Code

v1.0.0

Pragmatic coding standards - concise, direct, no over-engineering, no unnecessary comments

23· 6.1k·43 current·48 all-time
by@gabrielsubtil
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (pragmatic coding standards) match the SKILL.md content: naming/function rules, anti-patterns, and a pre-completion checklist. There are no unexpected environment variables, binaries, or installs requested that would be inconsistent with a style/quality guideline skill.
Instruction Scope
The instructions focus on editing code, running checks, and verifying changes, which is appropriate. However the skill mandates that agents 'Edit the file + all dependent files in the SAME task' and includes a mapping of repository-local verification scripts under .agent/skills/... — this encourages broad repository reads/writes and execution of local scripts. That is coherent for a code-editing workflow but increases the scope of changes an agent may perform and the number of files it may touch, so operators should prefer review-before-commit and limit write permissions.
Install Mechanism
No install specification or downloaded code is present; the skill is instruction-only, which is the lowest install risk.
Credentials
The skill declares no environment variables, credentials, or config paths. The SKILL.md references only repository-local paths and test/lint scripts; it does not request or reference external secret values or unrelated services.
Persistence & Privilege
The skill does not request always:true or any persistent system-level privileges. Model invocation is enabled (the platform default), which is normal for skills and not by itself a concern.
Assessment
This skill appears to be a straightforward coding-style instruction set and is internally consistent. Before installing or allowing it to run with write/execute permissions: (1) confirm you trust the agent and repository, because the skill encourages editing dependent files in the same task (which can produce wide-ranging changes), (2) review any .agent/skills/... scripts the agent will run — they execute code from the workspace and might run networked commands, and (3) prefer a workflow where the agent proposes changes as patches or a pull request for human review rather than committing automatically. If you need tighter control, restrict the agent's ability to execute repository scripts or require explicit confirmation before running verification scripts or applying edits.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bxfsxavq154962gwnz6wq718045yb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments